0 votes
552 views 3 comments
by

I have configured a RUT955 as a VPN server with L2TP over IPSec.

Connecting from a Windows client works fine. Connecting from an Android device to other L2TP over IPSec servers also works fine. But connecting from an Android device to the RUT955 L2TP over IPSec server does not work.

My configuration: Is there anything wrong?

1 Answer

0 votes
by
Hello,

Where are you taking your Phase 1 and Phase 2 values from (Encryption, Authentication, Hash, DH)? Because, if I remember correctly, those should be:

Phase 1: SHA2(256) - AES(256) - DH2
Phase 2: SHA2(256) - AES(256)

Some older versions of Android OS use these default transforms:

Phase 1: SHA1 - AES(256) - DH2
Phase 2: SHA1 - AES(256)

So unless you changed it somewhere, or there are other values for your phone/Android, you should change them in your configuration accordingly.

Best regards,
Vidas.
by
Thank you for your answer, the hint (first set of parameters) was helpful. VPN works now from Windows and from Android.

Best regards
GKap
by
Hello,

Are there similar settings for iPhone and iPad?

The L2TP/IPSec works fine with my Windows 10 native VPN source, but for the iPhone and iPad it fails.

Best regards

Mikael
by

Hello Mikael,

For iOS devices you will have to try combinations of the following parameters:

For devices with iOS 9.3 and higher or macOS 10.11.4 and higher, these combinations of Phase 1 and 2 settings are supported.

If Diffie-Hellman Group 14 is selected in the Phase 1 settings:

  • Phase 1 Authentication - MD5, SHA1, SHA2(256), SHA2(512)
  • Phase 1 Encryption - AES256
  • Phase 2 Authentication - MD5, SHA1
  • Phase 2 Encryption - 3DES, AES128, AES256
  • Perfect Forward Secrecy - No

If Diffie-Hellman Group 2 is selected in the Phase 1 settings:

  • Phase 1 Authentication - MD5, SHA1
  • Phase 1 Encryption - DES, 3DES, AES128, AES256
  • Phase 2 Authentication - SHA1, MD5
  • Phase 2 Encryption - 3DES, AES128, AES256
  • Phase 2 PFS - No

For devices with versions of iOS lower than 9.3, these Phase 1 and 2 settings are supported.

Diffie-Hellman Group 2:

  • Phase 1 Authentication - MD5, SHA1
  • Phase 1 Encryption - DES, 3DES, AES128, AES256
  • Phase 2 Authentication - MD5, SHA1
  • Phase 2 Encryption - 3DES, AES128, AES256
  • Phase 2 PFS - No

Best regards,
VidasKac.
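
The combinations quoted in this thread can be checked mechanically. The following Python sketch is an added example, not part of the original posts and not Teltonika code: it reports which Phase 1/Phase 2 field of a server configuration falls outside what each client accepts. The profile names, the dictionary layout and the two sample server configurations are assumptions made for illustration; the allowed values are the ones listed in the answers above.

```python
# Added example. Client profiles transcribed from the answers in this thread;
# "AES(256)" is written "AES256" throughout. A field missing from a profile
# (e.g. PFS for Android) means the thread gives no constraint for it.
HASH_OLD = {"MD5", "SHA1"}
ENC_P2 = {"3DES", "AES128", "AES256"}
IOS_DH2 = {"p1_auth": HASH_OLD, "p1_enc": {"DES", "3DES", "AES128", "AES256"},
           "dh": {2}, "p2_auth": HASH_OLD, "p2_enc": ENC_P2, "pfs": {False}}
IOS_DH14 = {"p1_auth": HASH_OLD | {"SHA2(256)", "SHA2(512)"}, "p1_enc": {"AES256"},
            "dh": {14}, "p2_auth": HASH_OLD, "p2_enc": ENC_P2, "pfs": {False}}
CLIENT_PROFILES = {
    "android": [{"p1_auth": {"SHA2(256)"}, "p1_enc": {"AES256"}, "dh": {2},
                 "p2_auth": {"SHA2(256)"}, "p2_enc": {"AES256"}}],
    "android-older": [{"p1_auth": {"SHA1"}, "p1_enc": {"AES256"}, "dh": {2},
                       "p2_auth": {"SHA1"}, "p2_enc": {"AES256"}}],
    "ios>=9.3": [IOS_DH14, IOS_DH2],
    "ios<9.3": [IOS_DH2],
}

def mismatches(server, profile):
    """Fields of `server` rejected by the closest combination in `profile`.

    Every field of one combination must match at once, so each combination
    is evaluated as a whole and the one with the fewest conflicts is reported.
    """
    best = None
    for combo in CLIENT_PROFILES[profile]:
        bad = sorted(k for k, allowed in combo.items() if server.get(k) not in allowed)
        if best is None or len(bad) < len(best):
            best = bad
    return best

def compatible(server):
    """Names of the client profiles that accept `server` unchanged."""
    return [name for name in CLIENT_PROFILES if not mismatches(server, name)]

# Constructed sample configurations (not taken from the asker's router).
SERVER_SHA2 = {"p1_auth": "SHA2(256)", "p1_enc": "AES256", "dh": 2,
               "p2_auth": "SHA2(256)", "p2_enc": "AES256", "pfs": False}
SERVER_SHA1 = dict(SERVER_SHA2, p1_auth="SHA1", p2_auth="SHA1")

if __name__ == "__main__":
    for label, srv in (("SHA2 server", SERVER_SHA2), ("SHA1 server", SERVER_SHA1)):
        print(label, "->", compatible(srv))
        for name in CLIENT_PROFILES:
            print("   ", name, "conflicts:", mismatches(srv, name) or "none")
```

With these lists, the SHA2(256) configuration that fixed Android conflicts with every iOS combination on Phase 2 authentication, which is consistent with the iPhone/iPad failure reported after that fix.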